Summary
Andy Lutomirski discovered that the ptrace syscall was not verifying the RIP register to be valid in the ptrace API on x86_64 processors. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.
Solution
For the stable distribution (wheezy), this problem has been fixed in version 3.2.60-1+deb7u1. In addition, this update contains several bugfixes originally targeted for the upcoming Wheezy point release.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your linux packages.
Insight
The Linux kernel is the core of the Linux operating system.
Affected
linux on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-4699 -
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities